Numerous problems with postfix's newaliases.

Aleksey Nogin aleksey at nogin.org
Wed Apr 28 06:58:31 UTC 2004


When the MTA is set to postfix, if I try to use newaliases in enforcing 
mode, I get:

audit(1083135148.926:0): security_compute_sid:  invalid context 
root:system_r:sysadm_mail_t for scontext=root:sysadm_r:sysadm_mail_t 
tcontext=system_u:object_r:postfix_master_exec_t tclass=process

and execution fails.

In permissive mode, I see:

audit(1083135243.731:0): security_compute_sid:  invalid context 
root:system_r:sysadm_mail_t for scontext=root:sysadm_r:sysadm_mail_t 
tcontext=system_u:object_r:postfix_master_exec_t tclass=process
audit(1083135243.732:0): avc:  denied  { transition } for  pid=29608 
exe=/usr/sbin/sendmail.postfix path=/usr/sbin/postalias dev=hda2 
ino=392740 scontext=root:sysadm_r:sysadm_mail_t 
tcontext=root:system_r:sysadm_mail_t tclass=process
audit(1083135243.732:0): avc:  denied  { entrypoint } for  pid=29608 
exe=/usr/sbin/sendmail.postfix path=/usr/sbin/postalias dev=hda2 
ino=392740 scontext=root:system_r:sysadm_mail_t 
tcontext=system_u:object_r:postfix_master_exec_t tclass=file
audit(1083135243.733:0): avc:  denied  { use } for  pid=29608 
exe=/usr/sbin/postalias path=/proc/net/if_inet6 dev= ino=-268434827 
scontext=root:system_r:sysadm_mail_t 
tcontext=root:sysadm_r:sysadm_mail_t tclass=fd
audit(1083135243.733:0): avc:  denied  { siginh } for  pid=29608 
exe=/usr/sbin/postalias scontext=root:sysadm_r:sysadm_mail_t 
tcontext=root:system_r:sysadm_mail_t tclass=process
audit(1083135243.733:0): avc:  denied  { rlimitinh } for  pid=29608 
exe=/usr/sbin/postalias scontext=root:sysadm_r:sysadm_mail_t 
tcontext=root:system_r:sysadm_mail_t tclass=process
audit(1083135243.733:0): avc:  denied  { noatsecure } for  pid=29608 
exe=/usr/sbin/postalias scontext=root:sysadm_r:sysadm_mail_t 
tcontext=root:system_r:sysadm_mail_t tclass=process
audit(1083135243.757:0): avc:  denied  { write } for  pid=29608 
exe=/usr/sbin/postalias name=postfix dev=hda2 ino=4055697 
scontext=root:system_r:sysadm_mail_t 
tcontext=system_u:object_r:postfix_etc_t tclass=dir
audit(1083135243.757:0): avc:  denied  { add_name } for  pid=29608 
exe=/usr/sbin/postalias name=__db.aliases.db 
scontext=root:system_r:sysadm_mail_t 
tcontext=system_u:object_r:postfix_etc_t tclass=dir
audit(1083135243.757:0): avc:  denied  { create } for  pid=29608 
exe=/usr/sbin/postalias name=__db.aliases.db 
scontext=root:system_r:sysadm_mail_t 
tcontext=root:object_r:postfix_etc_t tclass=file
audit(1083135243.758:0): avc:  denied  { write } for  pid=29608 
exe=/usr/sbin/postalias path=/etc/postfix/__db.aliases.db dev=hda2 
ino=4055330 scontext=root:system_r:sysadm_mail_t 
tcontext=root:object_r:postfix_etc_t tclass=file
audit(1083135243.764:0): avc:  denied  { remove_name } for  pid=29608 
exe=/usr/sbin/postalias name=__db.aliases.db dev=hda2 ino=4055330 
scontext=root:system_r:sysadm_mail_t 
tcontext=system_u:object_r:postfix_etc_t tclass=dir
audit(1083135243.764:0): avc:  denied  { rename } for  pid=29608 
exe=/usr/sbin/postalias name=__db.aliases.db dev=hda2 ino=4055330 
scontext=root:system_r:sysadm_mail_t 
tcontext=root:object_r:postfix_etc_t tclass=file

-- 
Aleksey Nogin

Home Page: http://nogin.org/
E-Mail: nogin at cs.caltech.edu (office), aleksey at nogin.org (personal)
Office: Jorgensen 70, tel: (626) 395-2907
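
Added example, not part of the original post: Python code that re-joins the hard-wrapped audit records shown above and flags every AVC denial whose source or target context is the one security_compute_sid reported as invalid. The function names are this example's own, and the embedded sample is three records copied from the post.

```python
import re
from collections import defaultdict
# Constructed input: three records copied from the post, keeping the
# hard line wraps added by the mail client.
SAMPLE = """\
audit(1083135243.731:0): security_compute_sid:  invalid context
root:system_r:sysadm_mail_t for scontext=root:sysadm_r:sysadm_mail_t
tcontext=system_u:object_r:postfix_master_exec_t tclass=process
audit(1083135243.732:0): avc:  denied  { transition } for  pid=29608
exe=/usr/sbin/sendmail.postfix path=/usr/sbin/postalias dev=hda2
ino=392740 scontext=root:sysadm_r:sysadm_mail_t
tcontext=root:system_r:sysadm_mail_t tclass=process
audit(1083135243.757:0): avc:  denied  { write } for  pid=29608
exe=/usr/sbin/postalias name=postfix dev=hda2 ino=4055697
scontext=root:system_r:sysadm_mail_t
tcontext=system_u:object_r:postfix_etc_t tclass=dir
"""

BAD = re.compile(r"security_compute_sid:\s+invalid context\s+(\S+)")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r"(\w+)=(\S+)")

def records(text):
    """Re-join wrapped lines; each record starts with 'audit('."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("audit("):
            out.append(line)
        elif line and out:
            out[-1] += " " + line
    return out

def triage(text):
    """Return (invalid contexts, {(scontext, tcontext, tclass, hit): perms})."""
    recs = records(text)
    invalid = {m.group(1) for r in recs if (m := BAD.search(r))}
    denials = defaultdict(set)
    for rec in recs:
        if m := PERMS.search(rec):
            f = dict(FIELD.findall(rec))
            # hit: either side of the denial is a context reported invalid
            hit = bool(invalid & {f["scontext"], f["tcontext"]})
            key = (f["scontext"], f["tcontext"], f["tclass"], hit)
            denials[key].update(m.group(1).split())
    return invalid, dict(denials)

if __name__ == "__main__":
    for key, perms in triage(SAMPLE)[1].items():
        print(key, sorted(perms))
```

Every denial in the permissive-mode log above has root:system_r:sysadm_mail_t as its source or target context, so each one is flagged.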


